Six Feet Up Available to Help Patch Zope Security Vulnerability Affecting Plone 4.x
September 28, 2011
- Make sure that the Zope/Plone service is running with minimum privileges. Ideally, the Zope and ZEO services should be able to write only to log and data directories.
- Use an intrusion detection system that monitors key system resources for unauthorized changes.
- Monitor your Zope, reverse-proxy request and system logs for unusual activity. In this case, these are standard precautions that should be employed on any production system.
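One way to check the first recommendation, as an added example that is not from the original announcement: the script walks an instance directory and lists every path the service account could write to outside the log and data directories. The directory names (`var/log`, `var/filestorage`, `parts/instance/etc/zope.conf`, `bin/instance`), the stand-in service uid and the helper names are assumptions chosen for illustration.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Classic owner/group/other write-bit check (ACLs and root are not modelled)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def writable_outside(root, allowed, uid, gids=()):
    """Relative paths under root that uid can write to, outside the allowed dirs."""
    allowed = [os.path.normpath(a) for a in allowed]
    def is_allowed(rel):
        return any(rel == a or rel.startswith(a + os.sep) for a in allowed)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Do not descend into directories the service is meant to write to.
        dirnames[:] = [d for d in dirnames
                       if not is_allowed(os.path.normpath(os.path.join(rel_dir, d)))]
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            if can_write(st, uid, gids):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)

def demo():
    """Audit a constructed tree; the service uid is a stand-in that owns no files."""
    # Constructed sample layout (assumed names): one config file is world-writable.
    layout = {"bin/instance": 0o755, "parts/instance/etc/zope.conf": 0o666,
              "var/log/instance.log": 0o666, "var/filestorage/Data.fs": 0o666}
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
            os.chmod(path, mode)
        for d, _, _ in os.walk(root):
            os.chmod(d, 0o755)  # directories writable by their owner only
        return writable_outside(root, ["var/log", "var/filestorage"],
                                uid=os.getuid() + 1)

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the instance directory, the service account's uid and its group ids; an empty result means the account can write only inside the allowed directories.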